Laeli

Privacy Policy

Effective date: [set on launch day]  ·  Last updated: [set on launch day]

1.Who we are

Laeli ("Laeli", "we", "us", "our") is a dog-training coaching app and website (laeli.app) operated by [Legal Entity Name] ("the Company"), the data controller responsible for your personal data. You can reach us any time at [email protected].

2.What this policy covers

This policy applies to the Laeli iOS app, our website (laeli.app, including legal.laeli.app), and our contact form. It does not cover third-party services we link to, which have their own policies.

3.The personal data we collect

We collect the following, and only for the purposes shown:

4.What we do not collect or do

• We do not sell your personal data, and do not share it for cross-context behavioral advertising.
• We do not run third-party advertising or ad-tracking SDKs.
• We do not collect precise location, microphone or camera content (the camera is only for owner/dog photos you choose to add, which stay on your device unless you enable cloud sync), contacts, calendar, or veterinary/medical records.
• We do not require your real name — Laeli works fine without it.

5.How we use your data

• Provide and personalize the coaching, plan, and journal features.
• Detect behavior patterns and route safety-sensitive messages appropriately.
• Create and secure your account and enforce subscription limits.
• Schedule the reminders you set.
• Fix crashes, prevent abuse, and keep the service reliable.
• Respond to your support and contact-form messages.
• Comply with law and enforce our Terms.

6.Our legal bases (EEA / UK GDPR)

Where the GDPR or UK GDPR applies, we rely on: performance of our contract with you (to provide the app you signed up for); our legitimate interests (to secure, debug, improve, and prevent abuse of the service); your consent (e.g. optional photos, or any future marketing — which you can withdraw); and legal obligation. Where safety-routing involves health-adjacent context, we process it because it is necessary to provide the service you requested and at your direction.

7.How the Laeli AI works

Coaching replies are generated by OpenAI's gpt-4o-mini model. On each coaching request we send: your dog's profile (no real-name identifiers unless you typed them); your most recent journal entries (last 3 days on Free; full history on paid tiers); recent chat turns and rolling memory snapshots; today's plan and how much you've completed; short pattern summaries; safety-routing labels; a brief excerpt of any red-flag log from the last 48 hours; and your question. OpenAI does not train on this data (per their API terms for business customers), and we don't log requests beyond what's needed for billing and abuse prevention.

8.Who we share data with

We share data only with vetted providers who process it on our behalf, under contract, for the purposes above:

• OpenAI — generates coaching replies. Does not train on your data.
• Supabase — our backend: authentication, database, serverless functions, and logs.
• Sentry — crash and error reporting (with PII redacted before it leaves your device).
• Apple App Store & RevenueCat — process and manage your subscription.
• Resend — delivers contact-form and account emails.
• Cloudflare — hosts laeli.app, routes our [email protected] email, and helps protect against abuse and bots.

We may also disclose data where required to comply with law, respond to lawful requests, enforce our Terms, or protect the rights, property, or safety of users, the public, or Laeli. If Laeli is ever involved in a merger or acquisition, data may transfer as part of that transaction, subject to this policy.

9.Where your data is stored & international transfers

Your data lives on your device and on our providers' infrastructure, which may be located in the United States and/or the European Union. Where we transfer personal data out of the EEA or UK, we rely on appropriate safeguards such as Standard Contractual Clauses and our providers' own compliance frameworks.

10.Cookies & similar technologies

The app uses no advertising cookies or tracking SDKs. The laeli.app website is a static site that does not set advertising or analytics cookies; our infrastructure provider may set strictly necessary cookies for security and bot protection. If we ever add analytics, we will update this policy and, where required, ask for your consent.

11.How long we keep your data

• Local data stays on your device until you delete it in-app or uninstall.
• Server-side data (account, synced journal, chat history) is kept while your account is active.
• Account deletion is available in Profile → Settings → Delete account — it removes your backend data, signs you out, and wipes local data on that device. Processed within 30 days.
• Inactive anonymous accounts unused for 365 days are deleted automatically.
• Contact-form emails are kept only as long as needed to handle your enquiry, then deleted.
• Crash reports follow Sentry's standard retention (90 days on our plan); server logs follow our backend provider's standard retention.

12.How we protect your data

We use encryption in transit and at rest where our providers support it, redact known personal fields before crash reports and logs are written, and limit access to Laeli engineers for debugging and abuse prevention. No system is ever completely secure, but we take commercially reasonable measures to protect your data.

13.Data breaches

If a security incident affects your personal data, we will assess it promptly and notify you and any relevant supervisory authority where required by law.

14.Your privacy rights

You can at any time:

• Export your data — email [email protected].
• Delete your account — Profile → Settings → Delete account.
• Ask what data we hold about you — [email protected].

If you are in the EEA or UK, you also have the rights to access, rectify, erase, restrict, port, and object to processing of your data, to withdraw consent, and to lodge a complaint with your local data protection authority. We respond to verified requests within 30 days (extendable for complex requests, with notice).

15.US state privacy rights

If you are a resident of California (CCPA/CPRA) or of Virginia, Colorado, Connecticut, Utah, or another US state with a comprehensive privacy law, you have rights to know, access, correct, delete, and obtain a copy of your personal information, and to opt out of the "sale" or "sharing" of personal information and of targeted advertising. Laeli does not sell or share your personal data and does not use it for targeted advertising, so there is nothing to opt out of — but you can still exercise your other rights by emailing [email protected]. We will not discriminate against you for exercising any right, and you may use an authorized agent.

16.Children's privacy

Laeli is not directed to children under 13 (or under the minimum age of digital consent in your country, where higher). We do not knowingly collect personal data from children. If you believe a child has provided us data, email [email protected] and we will delete the account.

17.Third-party links

Our app and website may link to third-party sites or services. We are not responsible for their privacy practices — please review their policies.

18.Changes to this policy

We may update this policy from time to time. We will notify you in the app and/or by email of material changes. Continued use of Laeli after a change takes effect constitutes acceptance.

19.How to contact us

Questions or requests about your privacy:

[Legal Entity Name]
[Registered address]
[email protected]